{
  "schema_version": "1.5.0",
  "id": "CURL-CVE-2005-0490",
  "aliases": [
    "CVE-2005-0490"
  ],
  "summary": "Authentication Buffer Overflows",
  "modified": "2026-04-25T17:48:46.00Z",
  "database_specific": {
    "package": "curl",
    "affects": "both",
    "URL": "https://curl.se/docs/CVE-2005-0490.json",
    "www": "https://curl.se/docs/CVE-2005-0490.html",
    "CWE": {
      "id": "CWE-121",
      "desc": "Stack-based Buffer Overflow"
    },
    "last_affected": "7.13.0",
    "severity": "High"
  },
  "published": "2005-02-21T08:00:00.00Z",
  "affected": [
    {
      "ranges": [
        {
           "type": "SEMVER",
           "events": [
             {"introduced": "7.3"},
             {"fixed": "7.13.1"}
           ]
        }      ],
      "versions": [
        "7.13.0", "7.12.3", "7.12.2", "7.12.1", "7.12.0", "7.11.2", "7.11.1", 
        "7.11.0", "7.10.8", "7.10.7", "7.10.6", "7.10.5", "7.10.4", "7.10.3", 
        "7.10.2", "7.10.1", "7.10", "7.9.8", "7.9.7", "7.9.6", "7.9.5", 
        "7.9.4", "7.9.3", "7.9.2", "7.9.1", "7.9", "7.8.1", "7.8", 
        "7.7.3", "7.7.2", "7.7.1", "7.7", "7.6.1", "7.6", "7.5.2", 
        "7.5.1", "7.5", "7.4.2", "7.4.1", "7.4", "7.3"
      ]
    }
  ],
  "credits": [
    {
      "name": "unknown",
      "type": "FINDER"
    }
  ],
  "details": "The base64 decode function was used to write into a stack-based buffer without\nchecking the data length, so it was possible for a malicious HTTP server to\noverflow that buffer in the client during NTLM negotiation and for an FTP server to\noverflow it during krb4 negotiation. The\n[announcement](http://www.idefense.com/application/poi/display?id=202) of this\nflaw was made without contacting us."
}